部署前将之前部署的ingress-nginx删除:

[kubeadm@server1 ~]$ kubectl delete namespaces ingress-nginx 
namespace "ingress-nginx" deleted
[kubeadm@server1 ~]$ kubectl get ingress
No resources found in default namespace.
[kubeadm@server1 ~]$

1. 部署

拉取并解压部署文件:

[kubeadm@server1 ~]$ helm search repo nginx-ingress
NAME                	CHART VERSION	APP VERSION	DESCRIPTION                                       
stable/nginx-ingress	1.36.3       	0.30.0     	An nginx Ingress controller that uses ConfigMap...
stable/nginx-lego   	0.3.1        	           	Chart for nginx-ingress-controller and kube-lego  
[kubeadm@server1 ~]$

helm pull stable/nginx-ingress

tar zxf nginx-ingress-1.36.3.tgz

[kubeadm@server1 helm]$ cd nginx-ingress/
[kubeadm@server1 nginx-ingress]$ ls
Chart.yaml  ci  OWNERS  README.md  templates  values.yaml
[kubeadm@server1 nginx-ingress]$

更改变量文件 values.yaml

 vim values.yaml

镜像及标签:

在这里插入图片描述

在这里插入图片描述
使用主机网络且daemoSet使用主机端口打开:

在这里插入图片描述

在这里插入图片描述
更改控制器类型为DaemoSet:

在这里插入图片描述

指定节点选择规则:

在这里插入图片描述在这里插入图片描述

由于我们使用的是hostnetwork的方式,因此不创建service

在这里插入图片描述

定义deafultBackend:

在这里插入图片描述
在这里插入图片描述
修改完成。

创建独立的namespace

[kubeadm@server1 nginx-ingress]$ kubectl create namespace nginx-ingress
namespace/nginx-ingress created
[kubeadm@server1 nginx-ingress]$

安装部署

[kubeadm@server1 nginx-ingress]$ ls
Chart.yaml  ci  OWNERS  README.md  templates  values.yaml
[kubeadm@server1 nginx-ingress]$ helm -n nginx-ingress install nginx-ingress .
NAME: nginx-ingress
LAST DEPLOYED: Fri May 15 14:06:04 2020
NAMESPACE: nginx-ingress
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
......

查看:

[kubeadm@server1 nginx-ingress]$ helm -n nginx-ingress list
NAME         	NAMESPACE    	REVISION	UPDATED                                STATUS  	CHART               	APP VERSION
nginx-ingress	nginx-ingress	1       	2020-05-15 14:06:04.084109462 +0800 CSTdeployed	nginx-ingress-1.36.3	0.30.0     
[kubeadm@server1 nginx-ingress]$

部署完成

2. 测试

(1)定义deployment控制器 维护pod

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-nginx
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: k8s/myapp:v1
        ports:
        - containerPort: 80

[kubeadm@server1 nginx-ingress]$ vim deployment.yaml
[kubeadm@server1 nginx-ingress]$ kubectl apply -f deployment.yaml 
deployment.apps/deployment-nginx created
[kubeadm@server1 nginx-ingress]$ kubectl get pod --show-labels 
NAME                                      READY   STATUS    RESTARTS   AGE   LABELS
deployment-nginx-77d4c6fc75-dzqh7         1/1     Running   0          18s   app=nginx,pod-template-hash=77d4c6fc75
deployment-nginx-77d4c6fc75-k6qpz         1/1     Running   0          18s   app=nginx,pod-template-hash=77d4c6fc75
nfs-client-provisioner-6bf974db79-kd987   1/1     Running   1          18h   app=nfs-client-provisioner,pod-template-hash=6bf974db79
[kubeadm@server1 nginx-ingress]$

(2)创建名为myservice的service 关联后端的pod

apiVersion: v1
kind: Service
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: nginx
  type: ClusterIP

[kubeadm@server1 nginx-ingress]$ kubectl apply -f service.yaml
service/myservice created
[kubeadm@server1 nginx-ingress]$ kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   23d
myservice    ClusterIP   10.103.188.143   <none>        80/TCP    4s
[kubeadm@server1 nginx-ingress]$

在这里插入图片描述

可以看到该service有两个endpoint后端:

[kubeadm@server1 nginx-ingress]$ kubectl describe svc myservice 
Name:              myservice
Namespace:         default
Labels:            <none>
Annotations:       Selector:  app=nginx
Type:              ClusterIP
IP:                10.103.188.143
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.161:80,10.244.2.93:80
Session Affinity:  None
Events:            <none>
[kubeadm@server1 nginx-ingress]$

(3)创建ingress (控制关联service)

[kubeadm@server1 nginx-ingress]$ cat ingress.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: example
#  namespace: 
spec:
  rules:
    - host: www1.westos.org
      http:
        paths:
          - backend:
              serviceName: myservice
              servicePort: 80
            path: /

[kubeadm@server1 nginx-ingress]$ kubectl apply -f ingress.yaml 
ingress.extensions/example created

查看创建的ingress的详细信息

在这里插入图片描述
在外部访问(需要做www1.westos.org的解析):

[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl www1.westos.org
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]#

3. 部署加密访问

(1)生成tls密钥和证书

[kubeadm@server1 nginx-ingress]$ cd certs/
[kubeadm@server1 certs]$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=nginxsvc/O=nginxsvc"
Generating a 2048 bit RSA private key
.................................................................................................................+++
..................................................................................................................................................+++
writing new private key to 'tls.key'
-----
[kubeadm@server1 certs]$ ls
tls.crt  tls.key
[kubeadm@server1 certs]$

(2)将生成的证书和key保存到secret里面:

[kubeadm@server1 certs]$ kubectl create secret tls tls-secret --key tls.key --cert tls.crt
secret/tls-secret created
[kubeadm@server1 certs]$ kubectl get secrets 
NAME                                 TYPE                                  DATA   AGE
default-token-jhnhn                  kubernetes.io/service-account-token   3      23d
myregistry                           kubernetes.io/dockerconfigjson        1      17d
nfs-client-provisioner-token-lq8b9   kubernetes.io/service-account-token   3      18h
test-token-pbr8q                     kubernetes.io/service-account-token   3      10d
tls-secret                           kubernetes.io/tls                     2      8s
[kubeadm@server1 certs]$

(3)修改ingress文件:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: example
#  namespace: 
spec:
  rules:
    - host: www1.westos.org
      http:
        paths:
          - backend:
              serviceName: myservice
              servicePort: 80
            path: /
  tls:
    - hosts:
        - www1.westos.org
      secretName: tls-secret

[kubeadm@server1 nginx-ingress]$ kubectl apply -f ingress1.yaml 
ingress.extensions/example created
[kubeadm@server1 nginx-ingress]$

(4)在浏览器访问https://www1.westos.org

在这里插入图片描述

[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]# curl https://www1.westos.org -k
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@foundation8 Downloads]#
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes